diff --git a/.gitignore b/.gitignore
index 100afae..ff43108 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,4 +2,4 @@
 */env
 *.pem
 */open_three-tier-app.repo
-
+.*.swp
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 0000000..bc764cb
--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,9 @@
+---
+extends: default
+rules:
+ comments: disable
+ comments-indentation: disable
+ indentation:
+ indent-sequences: false
+ line-length:
+ max: 120
diff --git a/ansible.cfg b/ansible.cfg
index 7d6502e..785f60d 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -3,6 +3,6 @@
 inventory = hosts
 retry_files_enabled = false
 [ssh_connection]
-#ssh_args = -F ./ssh-bastion.cfg
-ssh_args = -F ./ssh-laptop.cfg
+ssh_args = -F ./ssh-bastion.cfg
+#ssh_args = -F ./ssh-laptop.cfg
 # Uncomment above to work from remote control node
diff --git a/cleanup.yml b/cleanup.yml
index c37588e..1a6b4f3 100644
--- a/cleanup.yml
+++ b/cleanup.yml
@@ -5,33 +5,33 @@ become: true vars: three_tier_packages: - - httpie - - python-pip - - haproxy - - tomcat - - postgresql-server + - httpie + - python-pip + - haproxy + - tomcat + - postgresql-server tasks: - - name: reverse the enabling of sudo without tty for some ansible commands - replace: - path: /etc/sudoers - regexp: 'Defaults\s*!requiretty' - replace: '^Defaults requiretty' - backup: yes + - name: reverse the enabling of sudo without tty for some ansible commands + replace: + path: /etc/sudoers + regexp: 'Defaults\s*!requiretty' + replace: '^Defaults requiretty' + backup: true - - name: Remove the repo file - file: - state: absent - path: /etc/yum.repos.d/open_three-tier-app.repo + - name: Remove the repo file + file: + state: absent + path: /etc/yum.repos.d/open_three-tier-app.repo - - name: Remove base tools and three tier app packages - yum: - name: "{{ three_tier_packages }}" - state: absent + - name: Remove base tools and three tier app packages + yum: + name: "{{ three_tier_packages }}" + state: absent - - name: Remove index.html - file: - path: /tmp/index.html - state: absent + - name: Remove index.html + file: + path: /tmp/index.html + state: absent ... diff --git a/main.yml b/main.yml index 49e92b5..110220c 100644 --- a/main.yml +++ b/main.yml @@ -13,17 +13,13 @@ # Bare variables # No use of handlers -- name: configuration +- name: Common configuration hosts: all gather_facts: false # remove later! speeds up testing become: true + roles: + - common - tasks: - - name: enable repos - template: - src: ./open_three-tier-app.repo - dest: /etc/yum.repos.d/open_three-tier-app.repo - mode: 0644 - name: deploy haproxy hosts: frontends diff --git a/roles/common/README.md b/roles/common/README.md new file mode 100644 index 0000000..225dd44 --- /dev/null +++ b/roles/common/README.md 
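Review bot: The `replace: '^Defaults requiretty'` value in the first task of cleanup.yml is a replacement string, not a pattern, so the caret is written literally and /etc/sudoers ends up with a line beginning `^Defaults`, which sudo will most likely reject as a syntax error. Because the play runs with `become: true`, a broken sudoers file can lock out privilege escalation on every host the cleanup touches. Drop the caret (`replace: 'Defaults requiretty'`) and add `validate: 'visudo -cf %s'` to the task so an invalid result is never moved into place; `backup: true` only helps once someone has regained root by other means. The play header starts above this hunk, so the set of target hosts is not visible here.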
@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+ - hosts: servers
+ roles:
+ - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).
diff --git a/roles/common/defaults/main.yml b/roles/common/defaults/main.yml
new file mode 100644
index 0000000..205c4a1
--- /dev/null
+++ b/roles/common/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+# defaults file for common
diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml
new file mode 100644
index 0000000..2662adc
--- /dev/null
+++ b/roles/common/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for common
diff --git a/roles/common/meta/main.yml b/roles/common/meta/main.yml
new file mode 100644
index 0000000..ab335ef
--- /dev/null
+++ b/roles/common/meta/main.yml
@@ -0,0 +1,15 @@
+---
+galaxy_info:
+ author: Johnathan Kupferer
+ description: Three tier app common
+ company: Red Hat
+ license: license (GPLv2, CC-BY, etc)
+ min_ansible_version: 2.7
+ platforms:
+ - name: GenericLinux
+ versions:
+ - all
+
+ galaxy_tags: []
+
+dependencies: []
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
new file mode 100644
index 0000000..c31a86a
--- /dev/null
+++ b/roles/common/tasks/main.yml
@@ -0,0 +1,2 @@
+---
+- include_tasks: yum-repos.yml
diff --git a/roles/common/tasks/yum-repos.yml b/roles/common/tasks/yum-repos.yml
new file mode 100644
index 0000000..0b13522
--- /dev/null
+++ b/roles/common/tasks/yum-repos.yml
@@ -0,0 +1,6 @@
+---
+- name: enable repos
+ template:
+ src: open_three-tier-app.repo.j2
+ dest: /etc/yum.repos.d/open_three-tier-app.repo
+ mode: u=rw,go=r
diff --git a/roles/common/templates/open_three-tier-app.repo.j2 b/roles/common/templates/open_three-tier-app.repo.j2
new file mode 100644
index 0000000..3f368d6
--- /dev/null
+++ b/roles/common/templates/open_three-tier-app.repo.j2
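Review bot: `min_ansible_version: 2.7` in roles/common/meta/main.yml is an unquoted scalar that YAML loads as a float, so a later bump to a value such as 2.10 would silently read as 2.1; write it as `min_ansible_version: "2.7"`. The `license: license (GPLv2, CC-BY, etc)` line is still the generated placeholder and should name the licence the role is actually released under.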
@@ -0,0 +1,32 @@
+[rhel-7-server-rpms]
+name=Red Hat Enterprise Linux 7
+baseurl=http://admin.na.shared.opentlc.com/repos/ocp/3.6/rhel-7-server-rpms
+enabled=1
+gpgcheck=0
+
+[rhel-7-server-rh-common-rpms]
+name=Red Hat Enterprise Linux 7 Common
+baseurl=http://admin.na.shared.opentlc.com/repos/ocp/3.6/rhel-7-server-rh-common-rpms
+enabled=1
+gpgcheck=0
+
+[rhel-7-server-extras-rpms]
+name=Red Hat Enterprise Linux 7 Extras
+baseurl=http://admin.na.shared.opentlc.com/repos/ocp/3.6/rhel-7-server-extras-rpms
+enabled=1
+gpgcheck=0
+
+[rhel-7-server-optional-rpms]
+name=Red Hat Enterprise Linux 7 Optional
+baseurl=http://admin.na.shared.opentlc.com/repos/ocp/3.6/rhel-7-server-optional-rpms
+enabled=1
+gpgcheck=0
+
+[epel]
+name=Extra Packages for Enterprise Linux 7 - $basearch
+baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
+mirrorlist=http://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
+failovermethod=priority
+enabled=1
+gpgcheck=0
+#gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
diff --git a/roles/common/vars/main.yml b/roles/common/vars/main.yml
new file mode 100644
index 0000000..fed6035
--- /dev/null
+++ b/roles/common/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for common
diff --git a/ssh-bastion.cfg b/ssh-bastion.cfg
index 5d4b0d0..30736f4 100644
--- a/ssh-bastion.cfg
+++ b/ssh-bastion.cfg
@@ -1,9 +1,9 @@
-Match User ec2-user
- IdentityFile ./6400key.pem
-
 Host *.internal
 User ec2-user
 StrictHostKeyChecking no
 ControlMaster auto
 ControlPath /tmp/%h-%r
 ControlPersist 5m
+
+Match User ec2-user
+ IdentityFile ~/.ssh/466ekey.pem
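Review bot: Every stanza in roles/common/templates/open_three-tier-app.repo.j2 sets `gpgcheck=0` and uses an `http://` baseurl, so the packages the plays install as root are neither signature-checked nor fetched over an authenticated channel, and a tampered mirror or network path would go unnoticed. Set `gpgcheck=1` in each stanza and give each a `gpgkey=` line; the EPEL one is already in the file but commented out (`#gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7`), and the Red Hat stanzas would normally use the release key shipped on the host (commonly `file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release`, to be confirmed on the target image). Move the URLs to `https://` wherever the mirror offers it, including the EPEL `mirrorlist`. If unsigned installs are a deliberate lab shortcut, say so in a comment at the top of the template so the file is not copied into a real environment unchanged.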
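Review bot: The `Host *.internal` block kept by the ssh-bastion.cfg hunk sets `StrictHostKeyChecking no`, so host keys of the internal nodes are never verified, and since ansible.cfg in this same commit makes ssh-bastion.cfg the active `ssh_args` file, every play now runs over connections whose endpoint is not authenticated. Prefer `StrictHostKeyChecking accept-new` (OpenSSH 7.6 or later) or a pre-populated known-hosts file selected with `UserKnownHostsFile`. `ControlPath /tmp/%h-%r` puts the multiplexing socket in a world-writable directory and omits the port; ssh_config(5) recommends a directory not writable by other users and at least %h, %p and %r, for example `ControlPath ~/.ssh/cm-%r@%h:%p`. The new `IdentityFile ~/.ssh/466ekey.pem` line deserves a comment stating that the key must exist on the control node with mode 0600.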